One downside of iCloud Backup for those who are interested in privacy is that, unlike with the Mac’s FileVault data encryption, Apple provides no option to store the encryption key yourself. Instead, Apple always holds that encryption key, thus giving the company access to everything in your backup. Some similar services—including Backblaze, iDrive Online Backup, SOS Online Backup, and Zoolz Home—allow you to create and store a personal encryption key, ensuring that you and only you can ever read those backups. Lose that key and the data is gone forever, with no recovery option.
Reuters is reporting that Apple made the decision not to let users create and store personal encryption keys for iCloud Backup under pressure from the US Federal Bureau of Investigation. Apple’s privacy stance has caused it to clash with the FBI in recent years, first over Apple’s inability to decrypt the San Bernardino shooter’s iPhone (see “Thoughts on Tim Cook’s Open Letter Criticizing Backdoors,” 17 February 2016), and most recently over the Pensacola naval base shooting (see “Is the FBI Gearing Up for Another Encryption Fight with Apple?,” 9 January 2020).
Although Apple has used these public spats to bolster its privacy cred, Reuters sources say the company contacted the FBI before moving forward with allowing users to hold their own iCloud Backup encryption keys. The FBI objected, and Apple decided to drop the feature because it “did not want to risk being attacked by public officials for protecting criminals, sued for moving previously accessible data out of reach of government agencies or used as an excuse for new legislation against encryption.” Reuters’s sources are anonymous but include several current and former Apple and FBI employees.
However, Reuters may not have the whole story. Both our security editor, Rich Mogull, and iMore’s Rene Ritchie have heard that part of the motivation for not offering a personal encryption key is the number of people who lock themselves out of their iCloud accounts. As long as Apple holds those encryption keys, the company can help users get back into their accounts and restore their data.
What can you do to protect your data from being turned over by Apple in response to a court order? You could disable iCloud backups on your iPhone and iPad in Settings > Your Name > iCloud > iCloud Backup and instead perform encrypted backups on your Mac, either in iTunes or in the Finder in macOS 10.15 Catalina. Unfortunately, we’ve found such backups to be somewhat unreliable in recent years. Also, remember that as of iOS 13, you can now transfer apps and settings directly from an old iPhone to a new one, without the intermediary of an iCloud backup.
Regardless, Apple is stuck between a rock and a hard place. The company’s privacy stance dictates that it should allow users to encrypt their iCloud backups such that even it can’t peek into them. Simultaneously, Apple also has to deal with accusations, now from both Democratic and Republican administrations, of protecting criminals. And it must also walk the more prosaic line of trading off a hard-line privacy stance against the very real need to deal with simple human error at a massive scale.